The problem code was intended to allow Chinese carriers to fully test these handsets prior to the start of sales, but multiple OEMs failed to disable the backdoor before release. As a result, an attacker could potentially take advantage of the leftover code to achieve root-level access.

Maybe the scariest thing about this attack is that we don’t know exactly who’s affected. It sounds like it involves primarily older devices, with Android 4.4 KitKat reportedly the vulnerable build in question, but MediaTek has so far declined to publicly release the names of manufacturers believed to ship phones with this debug backdoor in place.

That said, the company does report that it’s notified its manufacturing partners in the hopes that they might release patches or otherwise let their users know about this problem, but so far we haven’t heard of any phone makers stepping forward with that info.

Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!